search for: ohprs

...4 Slackware 14.1 auth_debug_passwords = yes auth_mechanisms = plain login auth_verbose = yes auth_verbose_passwords = plain disable_plaintext_auth = no info_log_path = /var/log/dovecot_info mail_location = maildir:~/Maildir passdb { driver = shadow } protocols = imap ssl_cert = </etc/ssl/certs/OHPRS/GoDaddy/Apache/c5fe0cc8242d6030.crt ssl_key = </etc/ssl/certs/OHPRS/GoDaddy/mail.ohprs.org.key userdb { driver = passwd } verbose_ssl = yes Thanks, Mark Foley

...? If it doesn't 'just work' with the config changes in the wiki, you may need to recompile with the right features. Also - check the permissions of the ntlm_auth program. That's caused many issues with Radius installs, IIRC. Hope that helps! Rick Quoting Mark Foley <mfoley at ohprs.org>: > This can't be that hard. I think I've enabled LDAP in Dovecot just by > including > dovecot-ldap.conf.ext in 10-auth.conf and using the default settings. I > now have > the configuration shown below. Two questions: > > 1. How do I set Outlook to authenticate...

...you still miss the gssapi module for dovecot. Am 03.07.2016 um 19:42 schrieb Mark Foley: > Achim, > > This is my most recent effort. If I cannot make progress from here I'm going to give this idea a rest. > > I used easy-rsa to create a cert. Files are: > > /etc/ssl/certs/OHPRS/easyrsa/ca.crt > /etc/ssl/certs/OHPRS/easyrsa/reqs/MAIL.req > /etc/ssl/certs/OHPRS/easyrsa/reqs/dovecot.req > /etc/ssl/certs/OHPRS/easyrsa/private/ca.key > /etc/ssl/certs/OHPRS/easyrsa/private/MAIL.key > /etc/ssl/certs/OHPRS/easyrsa/issued/dovecot.crt > > $ openssl x509 -text -...

...e failed ntlm look-up is looking up user mark at hprs in shadow, which it doesn't find. Is there a way to strip the "@hprs" bit from the user so it can find the correct entry in /etc/shadow? That might fix the problem. --Mark -----Original Message----- From: Mark Foley <mfoley at ohprs.org> Date: Sat, 05 Sep 2015 17:12:50 -0400 To: dovecot at dovecot.org Subject: Re: How to "Windows Authenticate" Rick et al, The link you gave was a start, but is targeted for Samba3 and is assuming a probably Windows [SBS]Server AD/DC separate from the DC hosting dovecot, and includ...

...m.local is not recommded for several reasons. My current domain is hprs.local. So, as long as I'm starting from scratch I would like to take the opportunity to get this right. In wiki section "Using Your external Domain Name", it says I could simply use the external domain name, e.g. ohprs.org. Here's where I'm confused. If I use ohprs.org as the AD domain and e.g. DC1.ohprs.org is my AD/DC, how does name resolution work with other domain members? For example, webserver.ohprs.org is a current, public FDQN which resolves to 98.102.63.106. Inernally this host's IP within t...

...oes not support Exchange. What are all the SBS/Exchange/Outlook small businesses doing? Limping along with SBS2008/11, or putting their email in Outlook.com? Seems like the Samba4/dovecot/Outlook combo would be an ideal migration. I appreciate your help. > > Quoting Mark Foley <mfoley at ohprs.org>: > > > More info ... > > > > My dovecot error log shows: > > > > Sep 05 16:45:19 auth: Debug: client in: AUTH? ? 1? ? ? ?NTLM? ? > > service=imap > > Sep 05 16:45:19 auth: Debug: client passdb out: OK? ? ? 1? ? ? > > ?user=mark at hprs? ori...

...passwords = yes auth_mechanisms = plain ntlm login auth_use_winbind = yes auth_verbose = yes auth_verbose_passwords = plain disable_plaintext_auth = no info_log_path = /var/log/dovecot_info mail_location = maildir:~/Maildir passdb { driver = shadow } protocols = imap ssl_cert = </etc/ssl/certs/OHPRS/GoDaddy/Apache/c5fe0cc8242d6030.crt ssl_key = </etc/ssl/certs/OHPRS/GoDaddy/mail.ohprs.org.key userdb { driver = passwd } verbose_ssl = yes dovecot log after doing 'Test Account Settings' in Outlook: Sep 05 16:45:19 imap-login: Debug: SSL: elliptic curve secp384r1 will be used for EC...

...cot is receiving.? I assume /etc/nsswitch.conf has been modified to use Samba? Sorry I haven't done this, but it doesn't seem like anyone else has either - so I'm just shooting in the dark here trying to get you steered in the right direction... Rick Quoting Mark Foley <mfoley at ohprs.org>: > More info ... > > My dovecot error log shows: > > Sep 05 16:45:19 auth: Debug: client in: AUTH? ? 1? ? ? ?NTLM? ? > service=imap > Sep 05 16:45:19 auth: Debug: client passdb out: OK? ? ? 1? ? ? > ?user=mark at hprs? original_user=mark at HPRS > Sep 05 16:45:19...

with passdb ldap i guess. ---Aki TuomiDovecot oy -------- Original message --------From: Mark Foley <mfoley at ohprs.org> Date: 03/12/2017 21:18 (GMT+02:00) To: dovecot at dovecot.org Subject: Re: Howto authenticate smartPhone via Active Directory Yes, you are right. This link: https://www.redips.net/linux/android-email-postfix-auth/#section2 shows: passdb pam { } used for authenticating Android.? Problem...

Achim, This is my most recent effort. If I cannot make progress from here I'm going to give this idea a rest. I used easy-rsa to create a cert. Files are: /etc/ssl/certs/OHPRS/easyrsa/ca.crt /etc/ssl/certs/OHPRS/easyrsa/reqs/MAIL.req /etc/ssl/certs/OHPRS/easyrsa/reqs/dovecot.req /etc/ssl/certs/OHPRS/easyrsa/private/ca.key /etc/ssl/certs/OHPRS/easyrsa/private/MAIL.key /etc/ssl/certs/OHPRS/easyrsa/issued/dovecot.crt $ openssl x509 -text -in /etc/ssl/certs/OHPRS/easyrsa/is...

...in auth_verbose = yes auth_verbose_passwords = plain disable_plaintext_auth = no info_log_path = /var/log/dovecot_info mail_location = maildir:~/Maildir passdb { driver = shadow } passdb { args = /etc/dovecot/dovecot-ldap.conf.ext driver = ldap } protocols = imap ssl_cert = </etc/ssl/certs/OHPRS/GoDaddy/Apache/c5fe0cc8242d6030.crt ssl_key = </etc/ssl/certs/OHPRS/GoDaddy/mail.ohprs.org.key userdb { driver = passwd } userdb { args = /etc/dovecot/dovecot-ldap.conf.ext driver = ldap } verbose_ssl = yes -----Original Message----- From: Mark Foley <mfoley at ohprs.org> Date: Wed...

...cal/ mutt me: $ MAIL=imap://mark at server.domain.local/ mutt -F /etc/Muttrc I get the mutt message, "Certificate host check failed: certificate owner does not mathc hosthame mail.hprs.local". After that, in the mutt screen, I get: -----BEGIN------ This certificate belongs to: mail.ohprs.org Unknown Unknown Domain Control Validated Unknown This certificate was issued by: Go Daddy Secure Certificate Authority - G2 Unknown GoDaddy.com, Inc. http: Scottsdale This certificate is valid from Aug 14 21:38:38 2015 GMT to Aug 15 17:49:32 2016 GMT Finger...

...sending this message directly to you to spare the sambalist from my certificate trials. > I'm hoping you'll still hang in there a bit longer, though I'm close to giving up on this > whole thing myself. > > I used easy-rsa to create a cert. Files are: > > /etc/ssl/certs/OHPRS/easyrsa/ca.crt > /etc/ssl/certs/OHPRS/easyrsa/reqs/MAIL.req > /etc/ssl/certs/OHPRS/easyrsa/reqs/dovecot.req > /etc/ssl/certs/OHPRS/easyrsa/private/ca.key > /etc/ssl/certs/OHPRS/easyrsa/private/MAIL.key > /etc/ssl/certs/OHPRS/easyrsa/issued/dovecot.crt > > $ openssl x509 -text -...

...43 rport=56184 Sep 08 18:38:16 auth: Debug: client passdb out: CONT 1 Sep 08 18:38:16 auth: Info: ntlm(?,192.168.0.58,<vPWqBUQfeADAqAA6>): user not authenticated: NT_STATUS_LOGON_FAILURE Sep 08 18:38:18 auth: Debug: client passdb out: FAIL 1 Notice that my userid (mark or mark at ohprs) is nowhere to be found. Whereas when I specified the userdb passwd at least it had a user id in the error log. From my previous test with userdb passwd amd passdb shadow: Sep 05 16:45:19 auth: Debug: client passdb out: OK? ? ? 1? ? ??user=mark at hprs? original_user=mark at HPRS Sep 05 16:45:19...

...ded to stop replicating one of my trusted domains (and began rejecting auths for linked mailboxes from that domain) and in short I really just hate that environment with every fiber of my being and would love to see a decent free Exchange replacement on *nix. Rick Quoting Mark Foley <mfoley at ohprs.org>: > More experimentation ... > > I tried removing userdb and passdb from the dovecot NTLM config. That > didn't > work. I then tried adding a static userdb as follows: > > userdb { > driver = static > #? allow_all_users = yes > args = gid=100 home=/home/HPR...

...4 Slackware 14.1 auth_debug_passwords = yes auth_mechanisms = plain login auth_verbose = yes auth_verbose_passwords = plain disable_plaintext_auth = no info_log_path = /var/log/dovecot_info mail_location = maildir:~/Maildir passdb { driver = shadow } protocols = imap ssl_cert = </etc/ssl/certs/OHPRS/GoDaddy/Apache/2015-08-14/57aa6ed6ae98b4c7.crt ssl_key = </etc/ssl/certs/OHPRS/GoDaddy/my.server.name.key userdb { driver = passwd } verbose_ssl = yes Here's what I've tried so far as 10-auth.conf: disable_plaintext_auth = no auth_use_winbind = yes info_log_path = /var/log/dovecot_i...

Also it seems we lack support for NTLMv2. If you want to use NTLM you need to permit use of NTLM(v1), which is usually not enabled by default. Aki > On June 25, 2016 at 7:43 PM Mark Foley <mfoley at ohprs.org> wrote: > > > I've asked this several times over the past year with essentially zero responses. I'll keep it simple: > > Does NTLM authentication work in Dovecot? > > I'll post this one last time. If I still have no responses I'll have to conclude tha...

...7 x86_64 Slackware 14.1 auth_debug_passwords = yes auth_mechanisms = plain ntlm auth_use_winbind = yes auth_verbose = yes auth_verbose_passwords = plain disable_plaintext_auth = no info_log_path = /var/log/dovecot_info mail_location = maildir:~/Maildir protocols = imap ssl_cert = </etc/ssl/certs/OHPRS/GoDaddy/Apache/c5fe0cc8242d6030.crt ssl_key = </etc/ssl/certs/OHPRS/GoDaddy/mail.ohprs.org.key userdb { args = uid=3000026 gid=100 home=/home/HPRS/mark allow_all_users=yes driver = static } verbose_ssl = yes Dovecot log results after setting my Outlook to SPA and clicking the 'Test Acco...

On 08/08/2023 14:15, Mark Foley via samba wrote: > My current AD domain is hprs.local. Per advice in this list I'm planning on > naming the new domain ad.ohprs.org. Currently, users login from Windows with > "HPRS\joe" as their login ID. What will they use for the ID on the new domain: > "OHPRS\joe" or will they have to use e.g. "ad.ohprs.org\joe"? > > I haven't join a domain member yet so I'm not quite a...

It should work. Although if you are using linux server you might want to use gssapi instead. > On June 25, 2016 at 7:43 PM Mark Foley <mfoley at ohprs.org> wrote: > > > I've asked this several times over the past year with essentially zero responses. I'll keep it simple: > > Does NTLM authentication work in Dovecot? > > I'll post this one last time. If I still have no responses I'll have to conclude tha...